-
-
Notifications
You must be signed in to change notification settings - Fork 77
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Co-authored-by: Sleeyax <yourd3veloper@gmail.com> Co-authored-by: vladimir.razdrogin <vladimir.razdrogin@aliexress.ru>
- Loading branch information
1 parent
c7b5a2c
commit 05f420d
Showing
27 changed files
with
876 additions
and
330 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,8 @@ | ||
/.idea/ | ||
.idea | ||
/.gradle/ | ||
/build/ | ||
*.h | ||
*.so | ||
*.dll | ||
*.dylib | ||
.DS_Store |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -107,4 +107,4 @@ copy_linux_arm | |
copy_linux_arm64 | ||
copy_windows_amd64 | ||
copy_windows_386 | ||
buildJar "fat" | ||
buildJar "fat" |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file not shown.
Binary file not shown.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,233 @@ | ||
package server | ||
|
||
import ( | ||
"context" | ||
"encoding/binary" | ||
"encoding/hex" | ||
"errors" | ||
"fmt" | ||
"io" | ||
"log" | ||
"net" | ||
"net/url" | ||
"strings" | ||
"sync" | ||
"syscall" | ||
"time" | ||
|
||
http "github.com/ooni/oohttp" | ||
"github.com/open-ch/ja3" | ||
) | ||
|
||
const ( | ||
tlsClientHelloMsgType = "16" | ||
|
||
maxConnErrors = 5 | ||
) | ||
|
||
type interceptProxy struct { | ||
burpClient *http.Client | ||
burpAddr string | ||
mutex sync.RWMutex | ||
clientHelloData map[string]string | ||
listener net.Listener | ||
ctx context.Context | ||
cancel context.CancelFunc | ||
} | ||
|
||
func newInterceptProxy(interceptAddr, burpAddr string) (*interceptProxy, error) { | ||
proxyURL, err := url.Parse(fmt.Sprintf("http://%s", burpAddr)) | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
tr := &http.Transport{ | ||
Proxy: http.ProxyURL(proxyURL), | ||
} | ||
|
||
l, err := net.Listen("tcp", interceptAddr) | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
ctx, cancel := context.WithCancel(context.Background()) | ||
|
||
return &interceptProxy{ | ||
burpClient: &http.Client{ | ||
Transport: tr, | ||
}, | ||
burpAddr: burpAddr, | ||
mutex: sync.RWMutex{}, | ||
clientHelloData: map[string]string{}, | ||
listener: l, | ||
ctx: ctx, | ||
cancel: cancel, | ||
}, nil | ||
} | ||
|
||
func (s *interceptProxy) getTLSFingerprint(sni string) string { | ||
s.mutex.RLock() | ||
defer s.mutex.RUnlock() | ||
|
||
return s.clientHelloData[sni] | ||
} | ||
|
||
func (s *interceptProxy) Start() { | ||
var errCounter int | ||
|
||
for { | ||
select { | ||
case <-s.ctx.Done(): | ||
return | ||
default: | ||
if errCounter > maxConnErrors { | ||
return | ||
} | ||
|
||
conn, err := s.listener.Accept() | ||
var netErr net.Error | ||
if errors.As(err, &netErr) && netErr.Timeout() { | ||
errCounter++ | ||
log.Println(err) | ||
time.Sleep(time.Second) | ||
continue | ||
} else if err != nil { | ||
log.Println(err) | ||
return | ||
} | ||
|
||
errCounter = 0 | ||
|
||
go s.handleConn(conn) | ||
} | ||
} | ||
} | ||
|
||
func (s *interceptProxy) Stop() error { | ||
s.cancel() | ||
return s.listener.Close() | ||
} | ||
|
||
func (s *interceptProxy) handleConn(in net.Conn) { | ||
defer in.Close() | ||
|
||
out, err := net.Dial("tcp", s.burpAddr) | ||
if err != nil { | ||
s.writeError(err) | ||
return | ||
} | ||
|
||
defer out.Close() | ||
|
||
inReader := io.TeeReader(in, out) | ||
outReader := io.TeeReader(out, in) | ||
|
||
var wg sync.WaitGroup | ||
|
||
wg.Add(2) | ||
|
||
go func() { | ||
defer wg.Done() | ||
s.readClientHello(inReader) | ||
}() | ||
|
||
go func() { | ||
defer wg.Done() | ||
s.readAll(outReader) | ||
}() | ||
|
||
wg.Wait() | ||
} | ||
|
||
func (s *interceptProxy) readClientHello(inReader io.Reader) { | ||
var readClientHello bool | ||
var length uint16 | ||
var clientHello []byte | ||
var err error | ||
|
||
for { | ||
if readClientHello { | ||
s.readAll(inReader) | ||
return | ||
} | ||
|
||
buf := make([]byte, 1) | ||
if _, err = inReader.Read(buf); err != nil { | ||
s.writeError(err) | ||
return | ||
} | ||
|
||
// catch ClientHello message type | ||
if hex.EncodeToString(buf) != tlsClientHelloMsgType { | ||
continue | ||
} | ||
|
||
clientHello = append(clientHello, buf...) | ||
|
||
// read tls version | ||
buf = make([]byte, 2) | ||
if _, err = inReader.Read(buf); err != nil { | ||
s.writeError(err) | ||
return | ||
} | ||
|
||
clientHello = append(clientHello, buf...) | ||
|
||
// read client hello length | ||
buf = make([]byte, 2) | ||
if _, err = inReader.Read(buf); err != nil { | ||
s.writeError(err) | ||
return | ||
} | ||
|
||
length = binary.BigEndian.Uint16(buf) | ||
clientHello = append(clientHello, buf...) | ||
|
||
// read remaining client hello by length | ||
buf = make([]byte, length) | ||
if _, err = inReader.Read(buf); err != nil { | ||
s.writeError(err) | ||
return | ||
} | ||
|
||
clientHello = append(clientHello, buf...) | ||
|
||
readClientHello = true | ||
|
||
j, err := ja3.ComputeJA3FromSegment(clientHello) | ||
if err != nil { | ||
s.writeError(err) | ||
return | ||
} | ||
|
||
s.mutex.Lock() | ||
s.clientHelloData[j.GetSNI()] = hex.EncodeToString(clientHello) | ||
s.mutex.Unlock() | ||
} | ||
} | ||
|
||
func (s *interceptProxy) readAll(reader io.Reader) { | ||
_, err := io.ReadAll(reader) | ||
if err != nil && !errors.Is(err, io.EOF) && !errors.Is(err, syscall.ECONNRESET) && !errors.Is(err, syscall.EPIPE) { | ||
s.writeError(err) | ||
} | ||
} | ||
|
||
func (s *interceptProxy) writeError(err error) { | ||
if errors.Is(err, io.EOF) { | ||
return | ||
} | ||
|
||
log.Println(err) | ||
|
||
reqErr := strings.NewReader(fmt.Sprintf("Awesome TLS intercept proxy error: %s", err.Error())) | ||
req, err := http.NewRequest("POST", "http://awesome-tls-error", reqErr) | ||
if err != nil { | ||
log.Println(err) | ||
} | ||
|
||
_, err = s.burpClient.Do(req) | ||
if err != nil { | ||
log.Println(err) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.